A bypass for the XSS filtering in CloudFront's WAF has been discovered. The payload combines strings, uses backticks, replaces spaces with slashes, and encodes symbols. With this bypass, XSS attacks can execute even when the target is protected by CloudFront's WAF. More details can be found in the tweet by @zapstiko. #bugbountytips #bugbounty
Check out the original tweet here: https://twitter.com/RootMoksha/status/1791350269328142766